The Fizzer worm appears to have had little impact on
corporate networks, but with a growing number of users logging into
corporate networks from home and other relatively insecure remote
locations, the malicious code and spyware that such viruses leave
behind on unprotected systems could prove to be a long-term
headache for companies.
Fizzer represents an emerging class of malicious code that
uses a variety of methods to try to circumvent increasingly
sophisticated corporate network defences.
The worm was contained in executable e-mail attachments with
innocuous subject headers. In most cases, users had to click on the
e-mail attachment before the virus could start executing code.
In general, companies with updated antivirus software and
policies for filtering executable e-mail attachments would have
been protected against Fizzer, said Russ Cooper, an analyst at
TruSecure.
Companies without such basic perimeter defence measures are
being "derelict in their duty," said Pete Lindstrom, an analyst at
Spire Security.
But workers who dial into the corporate network from home and
other remote locations may not always have the same defences and
are more vulnerable to infection, said Michael Allgeier, data
security officer at the Colorado River Authority.
This could prove dangerous because of the payload carried by
viruses such as Fizzer, a complex e-mail worm that contains a
built-in IRC backdoor, a denial-of-service attack tool, a
keystroke-logging Trojan, an HTTP server and other
components.
Such capabilities could allow hackers to control compromised
machines remotely, steal from them or mine them for passwords,
analysts said. Connecting such a compromised system to a corporate
network could allow hackers to burrow past other defences.
"I think the biggest security threat today is remote users,"
said David Krauthamer, director of IS at Advanced Fibre
Communications, a manufacturer of telecommunications equipment.
"VPN access is proliferating and, with the onset of wireless
home networking, it's becoming easier to gain a foothold to a
corporate network."
Companies need to ensure that remote workers are covered by the
same security policies that govern the corporate network, Lindstrom
said. "It's a question of evaluating all the different attack
points and distributed components in your environment," and
protecting them.